none
ClickOnce - The deployment identity does not match the subscription. RRS feed

  • Question

  • I have a ClickOnce deployment which is giving me the dreaded "The deployment identity does not match the subscription" error. This is quite an old application, which has been through many update cycles without running into this problem, so I'm at something of a loss as to what the issue could be. I've done the usual trawl through the forums, and most of the issues are obvious - either changing the processor architecture, or very old threads about expired certificates.

    In this case, the application is signed by a third party (my client), using their own code-signing certificate. Their certificates expire annually, so the obvious problem is that the public key token of the application has changed. However, as I say, we've done this many times before, apparently without this being an issue. The machines I'm testing with all have at least .Net 3.5 SP1 installed, so as per Robin Shahan's classic article on the subject (https://msdn.microsoft.com/en-us/library/ff369721.aspx) I believe we should be able to upgrade automatically even if the signing certificate (and hence the public key token) has changed. I've looked through our deployment archives, and it seems that we have deployed versions with different public key tokens in the past, presumably without issue.

    I've checked the application manifests, and the only properties of the assembly identity which have changed are the version and the public key token.

    What am I missing?

    Monday, September 7, 2015 9:48 AM

Answers

  • I realise this is from a long time ago, but I was just in asking a question elsewhere and realised that I'd never updated this with the eventual resolution... It turned out to be caused by missing intermediate and root certificates on the machine used to do the signing.
    • Marked as answer by Duncan King Tuesday, June 6, 2017 10:51 AM
    Tuesday, June 6, 2017 10:51 AM

All replies